Schnorr signatures for CoinJoin and more
Although CoinJoin (including Chaumian CoinJoin) was always possible and was proposed a few years ago, it did not gain much popularity until recently. For a long time no popular wallet offered the option, perhaps because CoinJoin transactions add complexity while offering little advantage to users who do not care much about privacy.
Schnorr signatures, for which Bitcoin Core and Blockstream developer Pieter Wuille recently submitted an official Bitcoin Improvement Proposal (BIP), could help provide such an advantage.
Schnorr signatures, named after their inventor Claus-Peter Schnorr, are considered by many cryptographers to be the best type of cryptographic signature in the field. Their main concrete advantage for Bitcoin is probably the ability to combine multiple signatures into one: a single signature can prove ownership of several source addresses (inputs). One signature is therefore sufficient for a normal transaction, regardless of how many inputs it has.
CoinJoin transactions, of course, always include multiple inputs as well, at least one per participant. Schnorr signatures can therefore give CoinJoin a new advantage: they allow participants not only to combine their transactions into one, but also to combine their signatures on that transaction into one. The CoinJoin transaction thus becomes smaller than the combined size of the individual transactions, which in turn means the miners' fee for processing it is lower.
With Schnorr signatures, using the more privacy-friendly option pays off financially, which could motivate wallets to implement it and make it a reliable option for everyone.
In addition, the mathematical properties of Schnorr signatures can be used in a new class of more complex solutions resembling smart contracts, with names such as "scriptless scripts," "Taproot" and "Graftroot." Interestingly, on the Bitcoin blockchain these solutions look like ordinary Bitcoin transactions. This could, for example, make it possible to build futures markets, decentralized exchanges or insurance contracts where spies see nothing but ordinary-looking transactions.
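The aggregation described above, as an added example that is not code from the article, from Bitcoin Core or from the BIP: a toy Schnorr signature in the setting of Schnorr's original scheme (a prime-order subgroup of the integers mod p) with MuSig-style key aggregation, so that several co-signers produce one ordinary-looking signature under one aggregated key. The group parameters (p = 1019, q = 509, g = 4) are deliberately tiny toy values chosen here; the Bitcoin proposal uses secp256k1. The hash domain tags and the `h`/`enc` helpers are this example's own choices.

```python
# Toy Schnorr signatures with MuSig-style key and signature aggregation.
# Added example; not code from the article, Bitcoin Core or the BIP.
# Toy parameters: safe prime p = 1019 = 2q + 1, subgroup order q = 509.
import hashlib
import secrets

P = 1019   # safe prime, p = 2q + 1 (toy size, not for real use)
Q = 509    # prime order of the subgroup we work in
G = 4      # generator of that subgroup (a quadratic residue mod p)


def enc(n: int) -> bytes:
    """Fixed-width encoding so hash inputs cannot be ambiguous."""
    return n.to_bytes(2, "big")


def h(*parts: bytes) -> int:
    """Hash byte strings to a scalar in [0, q)."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % Q


def keygen():
    """Return (private scalar x, public key y = g^x mod p)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def key_coefficients(pubkeys):
    """MuSig-style coefficients a_i = H(L, y_i), where L lists all keys.
    Plain key multiplication would let one co-signer choose a 'rogue' key
    that cancels the others; hashing each key against the set prevents it."""
    L = b"".join(enc(y) for y in sorted(pubkeys))
    return [h(b"agg", L, enc(y)) for y in pubkeys]


def aggregate_key(pubkeys):
    """One public key standing for all participants: Y = prod(y_i^a_i) mod p."""
    Y = 1
    for y, a in zip(pubkeys, key_coefficients(pubkeys)):
        Y = Y * pow(y, a, P) % P
    return Y


def sign_aggregate(keypairs, msg: bytes):
    """Each co-signer adds a nonce k_i and a partial s_i; the sum is a single
    ordinary Schnorr signature (R, s) on msg under the aggregated key.
    (Real MuSig adds a nonce-commitment round first; omitted in this toy.)"""
    pubkeys = [y for _, y in keypairs]
    coeffs = key_coefficients(pubkeys)
    Y = aggregate_key(pubkeys)
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in keypairs]  # never reuse a nonce
    R = 1
    for k in nonces:
        R = R * pow(G, k, P) % P
    e = h(enc(R), enc(Y), msg)  # one challenge shared by all co-signers
    s = sum(k + a * e * x for (x, _), a, k in zip(keypairs, coeffs, nonces)) % Q
    return R, s


def verify(Y: int, msg: bytes, sig) -> bool:
    """Standard Schnorr check: g^s == R * Y^e (mod p). The verifier cannot tell
    whether Y belongs to one signer or to a whole CoinJoin's worth of them."""
    R, s = sig
    e = h(enc(R), enc(Y), msg)
    return pow(G, s, P) == R * pow(Y, e, P) % P


if __name__ == "__main__":
    signers = [keygen() for _ in range(3)]       # three CoinJoin participants
    Y = aggregate_key([y for _, y in signers])
    sig = sign_aggregate(signers, b"coinjoin transaction")
    print("aggregated signature valid:", verify(Y, b"coinjoin transaction", sig))
```

The verification step is the same whether the key belongs to one participant or to three, which is exactly what makes the CoinJoin indistinguishable from a single-signer payment on chain. The `key_coefficients` step is the part a naive "just multiply the keys" scheme gets wrong: without it, one participant could pick a key that cancels the others and sign for the group alone.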
Stonewall
Another privacy measure related to CoinJoin was introduced into the Samourai wallet in May 2018.
STONEWALL transactions are essentially ordinary transactions: they send bitcoins from one user to another. However, STONEWALL transactions do something unusual: they include extra source addresses (inputs) and destination addresses (outputs). This makes the transaction look like a CoinJoin transaction, in which two people combine their transactions into one, even though it is not one.
The idea behind STONEWALL is to undermine the assumptions spies make when analyzing the Bitcoin blockchain. If spies cannot tell for sure whether they are looking at a CoinJoin transaction, any conclusions drawn from such transactions become meaningless.
The Samourai wallet will soon also offer STONEWALL for two wallets, in which real CoinJoin transactions take place between two users who trust each other with regard to privacy.
Dandelion
A completely different method of deanonymizing Bitcoin users is peer-to-peer network analysis. In particular, spy nodes can monitor the Bitcoin network in an attempt to find out where transactions originate: the first node to relay a transaction is probably its creator.
Dandelion is a solution proposed by a team of academic researchers from Carnegie Mellon University, the University of Illinois and the Massachusetts Institute of Technology. It was recently presented at the Building on Bitcoin conference in Lisbon by Giulia Fanti, a professor at Carnegie Mellon University.
The solution counters network analysis by changing how transactions propagate through the peer-to-peer network. Instead of immediately broadcasting a new transaction to as many nodes as possible, the Dandelion protocol first sends it to just one node. That node randomly decides whether to pass it on to only one further node or not. If it passes it to only one node, the next node again decides at random what to do, and so on. Otherwise, the node broadcasts the transaction to as many nodes as possible, and every node that receives it does the same. This should make it much harder for spies to establish the origin of the transaction.
The research team has already implemented a version of Dandelion, and the proposal as a whole has met with a positive reaction in the Bitcoin development community. It may therefore be included in one of the next Bitcoin Core releases (though not the next one, 0.17.0, which comes too soon).
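A small simulation of the stem-and-fluff propagation just described, added here as an example; it is not code from the article, from the Dandelion paper or from any Bitcoin Core implementation. The peer graph (a ring plus random links), the per-hop fluff probability and the spy's attribution rule ("the first node seen flooding is the creator") are assumptions made for this illustration.

```python
# Simulation of Dandelion-style stem-and-fluff propagation.
# Added example; the network shape, the per-hop coin flip and the
# attribution rule are this example's assumptions, not the protocol spec.
import random


def build_network(n_nodes: int, extra_links: int, rng: random.Random):
    """Constructed peer graph: a ring (always connected) plus random extra links."""
    adj = {i: {(i - 1) % n_nodes, (i + 1) % n_nodes} for i in range(n_nodes)}
    for _ in range(extra_links):
        a, b = rng.sample(range(n_nodes), 2)
        adj[a].add(b)
        adj[b].add(a)
    return {node: sorted(peers) for node, peers in adj.items()}


def dandelion_broadcast(adj, origin: int, fluff_probability: float, rng: random.Random):
    """Propagate one transaction. Returns (stem_path, fluff_node, nodes_reached).

    Stem phase: the transaction is handed to exactly one peer per hop, and each
    receiving node flips a coin to decide whether to keep relaying on the stem
    or to switch to the fluff phase, where it floods the transaction to everyone."""
    stem = [origin]
    node = origin
    while True:
        node = rng.choice(adj[node])      # hand to a single peer
        stem.append(node)
        if rng.random() < fluff_probability:
            break                         # this node starts the fluff phase
    reached = {node}
    frontier = [node]
    while frontier:                       # plain flooding, as in normal relay
        current = frontier.pop()
        for peer in adj[current]:
            if peer not in reached:
                reached.add(peer)
                frontier.append(peer)
    return stem, node, reached


def first_broadcaster_is_origin(adj, origin, fluff_probability, trials, rng):
    """Fraction of runs in which a spy applying the rule 'the first node seen
    broadcasting is the creator' would point at the real origin."""
    hits = sum(dandelion_broadcast(adj, origin, fluff_probability, rng)[1] == origin
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    rng = random.Random(7)
    net = build_network(20, 10, rng)
    stem, fluff_node, reached = dandelion_broadcast(net, 0, 0.1, rng)
    print("stem:", stem, "| fluff started at", fluff_node, "| reached", len(reached))
    print("spy attribution accuracy:", first_broadcaster_is_origin(net, 0, 0.1, 500, rng))
```

Because the first hop always moves the transaction away from its creator, the node a spy sees flooding first is usually several hops down a random path; `first_broadcaster_is_origin` makes that loss of accuracy measurable for a given graph and fluff probability.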
BIP 151 Encryption
Another long-standing proposal to limit network analysis is BIP 151, authored by Bitcoin Core maintainer and Shift developer Jonas Schnelli. BIP 151 is a fairly straightforward solution: it lets Bitcoin nodes encrypt the traffic between them (and therefore the transaction and block data).
However, it should be noted that in its pure form BIP 151 is not a panacea for privacy. In particular, the Bitcoin blockchain remains public and, more importantly, nodes may connect to the very spies they want to hide from and share data with them. Still, BIP 151 can be a first step towards countering several kinds of attacks, including privacy attacks (such as man-in-the-middle attacks).
And even in its pure form, such a solution can be better than nothing. In particular, peer-to-peer encryption can be useful in certain applications and scenarios: for example, ISPs or open Wi-Fi networks will no longer be able to monitor Bitcoin traffic.
Although BIP 151 dropped out of view for a year or two after it was first proposed, Schnelli recently returned to the project and rewrote the "official" proposal for discussion and potential inclusion in Bitcoin Core.
Compact client-side block filters
To use Bitcoin without downloading and verifying the entire blockchain, many people use lightweight clients such as mobile wallets. Unfortunately, in almost all such lightweight clients privacy protection is weak, if not non-existent. They usually share their addresses with a central server or with a random network node that may be a spy or be monitored by spies.
Many lightweight clients that (actually) share their addresses with a random network node use a technique known as Simplified Payment Verification (SPV). These SPV clients typically use "Bloom filters" to request transactions that may concern them, if any. Although such a filter produces false positives, meaning the SPV client requests more transactions than strictly necessary, these are few compared to downloading all transactions.
Unfortunately, SPV wallets also effectively reveal all their addresses to the nodes from which they request this data. To solve this problem, Lightning Labs developers Olaoluwa Osuntokun and Alex Akselrod, together with Coinbase developer Jim Posen, proposed a new solution called "compact client-side block filters."
Compact client-side block filters were originally created for Lightning Labs' Neutrino wallet for the Lightning Network, but they can also be used in regular Bitcoin wallets: the Wasabi wallet has already implemented a beta version of the solution.
Compact client-side block filters do essentially the same thing as existing SPV wallets, only in reverse. Instead of the SPV wallet creating and sending a Bloom filter to request relevant transactions, the full nodes create a similar filter. SPV wallets then use this filter to determine whether there were any relevant transactions. If the filter matches, Neutrino fetches the corresponding block to make sure the match is not a false positive but really concerns a relevant transaction.
Because SPV wallets that use compact client-side block filters no longer ask any node for anything specific, and instead receive a generic filter, they also no longer give away their transaction history.
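The two directions of filtering described above, side by side, as an added example that is not code from the article, from Neutrino, Wasabi or from the BIP 37/157/158 specifications. It is a simplified model: the real compact filters use SipHash keyed with the block hash and Golomb-Rice coding, whereas here each item is hashed with SHA-256 into a range and the filter is a sorted list of those values. The per-item range parameter `M = 784931` is taken from BIP 158; the Bloom filter size, the hash count, the sample scripts and the block hash are constructed for this illustration.

```python
# Bloom-filter SPV versus compact client-side block filters (simplified model).
# Added example; not code from the article, Neutrino, Wasabi or the BIPs.
import hashlib

M = 784931          # per-item range parameter from BIP 158
BLOOM_BITS = 1024   # constructed Bloom filter size for the illustration
BLOOM_HASHES = 3    # constructed number of hash functions


def _h(data: bytes, salt: bytes) -> int:
    return int.from_bytes(hashlib.sha256(salt + data).digest(), "big")


# --- Bloom-filter SPV: the wallet sends a filter describing its addresses ---

def wallet_bloom_filter(wallet_scripts):
    """What a BIP 37 style wallet hands to the peer it queries."""
    bits = bytearray(BLOOM_BITS // 8)
    for script in wallet_scripts:
        for i in range(BLOOM_HASHES):
            pos = _h(script, bytes([i])) % BLOOM_BITS
            bits[pos // 8] |= 1 << (pos % 8)
    return bytes(bits)


def bloom_contains(bloom: bytes, script: bytes) -> bool:
    """Anyone holding the filter, including a spy node, can test candidate
    scripts against it and so learn which addresses the wallet watches."""
    return all((bloom[p // 8] >> (p % 8)) & 1
               for p in (_h(script, bytes([i])) % BLOOM_BITS for i in range(BLOOM_HASHES)))


# --- Compact client-side block filters: the node publishes one filter per block ---

def build_block_filter(block_scripts, block_hash: bytes):
    """Full-node side: map every scriptPubKey in the block into [0, N*M),
    keyed by the block hash so filters of different blocks are independent.
    The filter is generic: it says nothing about any particular client."""
    n = len(block_scripts)
    values = {_h(script, block_hash[:16]) % (n * M) for script in block_scripts}
    return n, sorted(values)


def client_matches(block_filter, block_hash: bytes, wallet_scripts) -> bool:
    """Client side: check the wallet's own scripts against the published filter
    locally. Nothing about the wallet leaves the device; a match (true or the
    roughly 1-in-M false positive) only tells the client which block to fetch."""
    n, values = block_filter
    if n == 0:
        return False
    present = set(values)
    return any(_h(script, block_hash[:16]) % (n * M) in present for script in wallet_scripts)


if __name__ == "__main__":
    wallet = [b"script:alice-1", b"script:alice-2"]             # constructed
    spy_view = wallet_bloom_filter(wallet)                       # what a BIP 37 peer receives
    print("spy can confirm alice-2 from the Bloom filter:", bloom_contains(spy_view, b"script:alice-2"))
    block_hash = hashlib.sha256(b"constructed block").digest()  # constructed
    block = [b"script:bob", b"script:alice-2", b"script:carol"]  # constructed block contents
    print("client finds a match locally:", client_matches(build_block_filter(block, block_hash), block_hash, wallet))
```

The asymmetry is the whole point: `wallet_bloom_filter` is data the wallet sends out and a peer can interrogate, while `build_block_filter` is data the node sends out and the wallet interrogates, so the only thing a node learns from a compact-filter client is which blocks it later downloads.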
Liquid and Confidential Transactions
Liquid is the first commercial sidechain, developed by blockchain development company Blockstream. Its main purpose is to create transaction channels between exchanges and other companies with a large volume of Bitcoin transactions (such as brokerage firms), allowing them to transfer bitcoins and other assets much faster than the Bitcoin blockchain allows. In the future, the sidechain should also become accessible to ordinary users (particularly traders) through special Liquid wallets.
One of the features implemented in Liquid is Confidential Transactions (CT). CT is a technique that hides the amounts sent and received in transactions. This is possible because clever cryptography allows mathematical operations to be performed on hidden amounts. Every Liquid user can verify that the amount a transaction sends does not exceed the amount it spends. In other words, they can make sure no new bitcoins have been created, even without knowing exactly how much money was sent.
In the context of Liquid, this means (among other things) that exchanges can send funds to each other without anyone else learning how much was sent. This preserves confidentiality: competitors, for example, cannot find out how much money an exchange holds. Likewise, traders will no longer be able to use such information for speculation, which amounts to a kind of front-running and is possible today because of the public nature of the Bitcoin blockchain.
Once Liquid becomes available to ordinary traders, these users will be able to use the protocol to hide their balances from spies, even after withdrawing funds from an exchange for temporary storage on the sidechain or for transfer to another exchange. In addition, solutions such as CoinJoin can be developed for Liquid wallets, producing a particularly powerful combination of privacy technologies. (If multiple transactions are combined into one and the amounts are hidden, it becomes almost impossible to link addresses.)
Moreover, CT could also be implemented in the main Bitcoin protocol. There are already a number of ideas on how to do this with a backward-compatible soft fork, but until further technological breakthroughs arrive, such an upgrade would still come at a significant cost to scalability and will probably not become reality anytime soon.
This article has focused on new and upcoming privacy technologies. There are also older solutions: stealth addresses, using a full Bitcoin node as a wallet, Coin Control, JoinMarket and other existing CoinJoin implementations, "Ricochet," PayNym, Sphinx in the Lightning Network, Monero swaps, and so on.
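The "mathematical operations on hidden amounts" behind CT are Pedersen commitments, shown here as an added example that is not code from the article, from Liquid or from Blockstream's Elements. Liquid commits on the secp256k1 curve; this toy works in the multiplicative group mod p = 1019 with a subgroup of prime order q = 509 and two generators g = 4 and h = 9 whose discrete-log relation is assumed unknown (toy parameters chosen for this illustration, far too small for real use). The `excess` value the sender publishes plays the role of Liquid's revealed blinding-factor difference.

```python
# Toy Pedersen commitments and the Confidential Transactions balance check.
# Added example; not code from the article, Liquid or Elements.
# Toy group: integers mod p = 1019, subgroup of prime order q = 509.
import secrets

P, Q = 1019, 509
G, H = 4, 9   # two generators of the order-q subgroup; log_g(h) assumed unknown


def commit(value: int, blinding: int) -> int:
    """C = g^value * h^blinding (mod p): hides value, binds the committer to it."""
    return pow(G, value, P) * pow(H, blinding, P) % P


def make_output(value: int):
    """Return (commitment, blinding) for an amount; only the commitment is published."""
    r = secrets.randbelow(Q)
    return commit(value, r), r


def excess(in_blindings, out_blindings) -> int:
    """The sender publishes only this difference of blinding factors (mod q);
    it reveals nothing about the amounts themselves."""
    return (sum(in_blindings) - sum(out_blindings)) % Q


def balances(in_commits, out_commits, excess_blinding: int) -> bool:
    """Verifier: prod(inputs) must equal prod(outputs) * h^excess (mod p).
    Since the h parts cancel by construction, equality holds iff
    sum(input values) == sum(output values) mod q, with amounts still hidden."""
    lhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    rhs = pow(H, excess_blinding, P)
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs


# Caveat the check alone does not cover: values are compared modulo q, so an
# output of q - 1 behaves like -1 and a transaction could "create" coins while
# still balancing. Real CT attaches a range proof to every output proving the
# amount is small and non-negative; this toy omits range proofs.

if __name__ == "__main__":
    (c1, r1), (c2, r2) = make_output(30), make_output(12)        # inputs 30 + 12
    (o1, s1), (o2, s2) = make_output(25), make_output(17)        # outputs 25 + 17
    print("balanced:", balances([c1, c2], [o1, o2], excess([r1, r2], [s1, s2])))
    (o3, s3) = make_output(18)                                   # outputs 25 + 18
    print("inflated:", balances([c1, c2], [o1, o3], excess([r1, r2], [s1, s3])))
```

Observers (and the verifying nodes) see only the commitments and the excess value, so competitors cannot read an exchange's transfer sizes, yet anyone can run `balances` and confirm that no coins were created; the range-proof caveat in the code is the reason real CT outputs are considerably larger than plain commitments.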
Thank you for reading my article!